{"cve":{"cve_id":"CVE-2026-6681","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":null,"epss_percentile":null,"epss_as_of":null,"description":"The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.","published_at":"2026-06-25T20:11:39.446000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":1.0,"cvss_v4_vector":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/U:Clear","cvss_v4_severity":"LOW","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-787","CWE-120"],"nvd_references":["https://github.com/wolfSSL/wolfssl/pull/10116","https://www.wolfssl.com/docs/security-vulnerabilities/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-28T17:56:06.764790Z","updated_at":"2026-06-28T23:31:02.463961Z"},"effective_severity":"LOW","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"P","value_label":"Present"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"P","value_label":"Passive"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"},{"metric":"U","name":"U","value":"Clear","value_label":"Clear"}]},"affected":[{"vendor_slug":"wolfssl","vendor_name":"wolfSSL","product_slug":"wolfssl","product_name":"wolfSSL","version_start":"3.10.0","version_start_inclusive":true,"version_end":"5.9.0","version_end_inclusive":true,"cpe23_uri":"cve5:wolfssl:wolfssl:3.10.0:5.9.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://github.com/wolfSSL/wolfssl/pull/10116","source_type":"PATCH","tags":["patch"]},{"url":"https://www.wolfssl.com/docs/security-vulnerabilities/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-25T20:11:39.446000Z","label":"CVE published","source":null}]}